//package springsecuritylearn.springsecuritylearn.hello4;
//
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//
////由于Spring boot starter自动装配机制,这里无需使用@EnableWebSecurity
////@EnableWebSecurity
//@Configuration
//public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//
//    // 密码编码器,不加密
//    @Bean
//    public PasswordEncoder passwordEncoder() {
//        // return NoOpPasswordEncoder.getInstance(); // 不加密
//        return new BCryptPasswordEncoder();// BCryptPasswordEncoder加密
//    }
//
//    // web url 拦截规则
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//
//                .antMatchers("/admin/p1").hasAuthority("p1")// 访问/admin/p1权限，需要有p1权限
//                .antMatchers("/user/p2").hasAuthority("p2")// 访问/user/p2，需要有p2权限
//                .anyRequest().authenticated()// 所有其他请求必须认证通过
//                .and().formLogin().loginPage("/login").successForwardUrl("/login-success")// 自定义登录成功的页面地址
//                .permitAll().and().logout().permitAll()
//
//                .and()//会话管理
//                .sessionManagement()
//                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED);//会话管理
//    }
//}